author | Abhishek Koneru <akoneru@redhat.com> | 2014-08-28 19:05:36 -0400 |
---|---|---|
committer | Abhishek Koneru <akoneru@redhat.com> | 2014-08-29 11:24:48 -0400 |
commit | a4c36d953281967d653ef8a1d33dae6a8ba34a77 (patch) | |
tree | 5f611a5d32899c785b7d2f06eee590dd57d3df84 | |
parent | a7f8076a5f20812eceac31f7230e4156adf74471 (diff) | |
Makes output of secrets consistent for all clients.
All secrets/keys retrieved through the client APIs, by either the Java or
the Python client, will be of type byte array. This applies to the output of
the retrieveKey method and to the public key attribute of the KeyInfo object.
6 files changed, 36 insertions, 25 deletions
diff --git a/base/common/src/com/netscape/certsrv/key/KeyClient.java b/base/common/src/com/netscape/certsrv/key/KeyClient.java
index 262a33d8f..ade3765a9 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyClient.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyClient.java
@@ -725,7 +725,7 @@ public class KeyClient extends Client {
 * For RSA, JSS accepts key sizes that fall in this set of values:
 * {256 + (16 * n), where 0 <= n <= 1008
 *
- * For DSA, JSS accepts key sizes 512, 768, 1024 only when there are no p,q,g params specified.
+ * For DSA, JSS accepts key sizes 512, 768, 1024 only, when there are no p,q,g params specified.
 */
 if (keyAlgorithm.equals(KeyRequestResource.RSA_ALGORITHM)) {
 if (keySize >= 256) {
diff --git a/base/common/src/com/netscape/certsrv/key/KeyInfo.java b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
index 71a858e6b..204cac493 100644
--- a/base/common/src/com/netscape/certsrv/key/KeyInfo.java
+++ b/base/common/src/com/netscape/certsrv/key/KeyInfo.java
@@ -27,6 +27,7 @@ import javax.xml.bind.annotation.XmlElement;
 import javax.xml.bind.annotation.XmlRootElement;
 import com.netscape.certsrv.dbs.keydb.KeyId;
+import com.netscape.cmsutil.util.Utils;
 /**
 * @author alee
@@ -55,7 +56,7 @@ public class KeyInfo {
 protected String ownerName;
 @XmlElement
- protected String publicKey;
+ private String publicKey;
 public KeyInfo() {
 // required for JAXB (defaults)
@@ -129,11 +130,31 @@ public class KeyInfo {
 this.ownerName = ownerName;
 }
- public String getPublicKey() {
- return publicKey;
+ /**
+ * Converts the stored base64 encoded public key to a byte
+ * array and returns that value. Returns null, if public key is null.
+ *
+ * @return public key - as a byte array
+ */
+ public byte[] getPublicKey() {
+ if (publicKey != null) {
+ return Utils.base64decode(publicKey);
+ }
+ return null;
 }
- public void setPublicKey(String publicKey) {
- this.publicKey = publicKey;
+ /**
+ * Sets the binary data of the public key in a
+ * base64 encoded string format.
+ *
+ * @param publicKey - if null, getPublicKey returns null.
+ */
+ public void setPublicKey(byte[] publicKey) {
+ if (publicKey != null) {
+ this.publicKey = Utils.base64encode(publicKey);
+ } else {
+ this.publicKey = null;
+ }
 }
+
 }
diff --git a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
index c6bb6933d..12bb1808a 100644
--- a/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
+++ b/base/java-tools/src/com/netscape/cmstools/key/KeyCLI.java
@@ -26,6 +26,7 @@ import com.netscape.certsrv.system.SystemCertClient;
 import com.netscape.certsrv.util.NSSCryptoProvider;
 import com.netscape.cmstools.cli.CLI;
 import com.netscape.cmstools.cli.MainCLI;
+import com.netscape.cmsutil.util.Utils;
 /**
 * @author Endi S. Dewata
@@ -97,7 +98,7 @@ public class KeyCLI extends CLI {
 // Print out the Base64 encoded public key in the form of a blob,
 // where the max line length is 64.
 System.out.println(" Public Key: \n");
- String publicKey = info.getPublicKey();
+ String publicKey = Utils.base64encode(info.getPublicKey());
 int i = 0;
 for(i=0;i<publicKey.length()/64;i++){
 System.out.println(publicKey.substring(i*64, i*64 + 64));
diff --git a/base/kra/functional/drmtest.py b/base/kra/functional/drmtest.py
index 4d65955f9..8653763c1 100644
--- a/base/kra/functional/drmtest.py
+++ b/base/kra/functional/drmtest.py
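Review bot: The new Javadoc on `getPublicKey()` in KeyInfo.java does not say what happens when the stored string is not valid base64, which matters because on the client side this field is filled in by JAXB from the server response rather than through `setPublicKey`. How `Utils.base64decode` behaves on malformed input is not visible in this diff; the contract should state it, for example `@return the decoded public key, or null if none is set; behaviour for malformed base64 follows Utils.base64decode`. It is also worth confirming that the class is bound by field access (`@XmlAccessorType(XmlAccessType.FIELD)`), since otherwise the byte[] accessor pair and the annotated String field could both be mapped as `publicKey`; the class header is outside the hunk.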
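Review bot: In KeyCLI.java, `Utils.base64encode(info.getPublicKey())` is handed the getter's result directly, and the getter now returns null when no public key is stored, so this line relies on a null check that is not visible in the hunk; if there is none, guard it with `byte[] pk = info.getPublicKey(); if (pk != null) { ... }`. The 64-character slicing loop that follows also assumes the encoded string contains no line breaks. The DRMTest.java change in this commit removes the identical loop and logs the `Utils.base64encode` result as is, which suggests the helper may already wrap its output, in which case the loop here would cut at the wrong offsets. The enclosing method starts and ends outside the hunk.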
@@ -60,9 +60,8 @@ def print_key_info(key_info):
 if key_info.public_key is not None:
 print "Public key: "
 print
- pub_key = str(key_info.public_key)
- for i in range(0, len(pub_key), 64):
- print pub_key[i:i+64]
+ pub_key = base64.encodestring(key_info.public_key)
+ print pub_key
 def print_key_data(key_data):
diff --git a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
index 1b96c1809..720bba2b9 100644
--- a/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
+++ b/base/kra/functional/src/com/netscape/cms/servlet/test/DRMTest.java
@@ -693,7 +693,7 @@ public class DRMTest {
 }
 // Test 33: Verify the generated key pair.
- if (isKeyPairValid(algs[i], keyData.getData(), Utils.base64decode(info.getPublicKey()))) {
+ if (isKeyPairValid(algs[i], keyData.getData(), info.getPublicKey())) {
 log("The key pair generated using " + algs[i] + " algorithm is valid.");
 } else {
 log("The key pair generated using " + algs[i] + " algorithm is invalid.");
@@ -750,12 +750,8 @@ public class DRMTest {
 log("Status: " + keyInfo.getStatus());
 if (keyInfo.getPublicKey() != null) {
 log("Public Key: ");
- String publicKey = keyInfo.getPublicKey();
- int i = 0;
- for (i = 0; i < publicKey.length() / 64; i++) {
- log(publicKey.substring(i * 64, i * 64 + 64));
- }
- log(publicKey.substring(i * 64));
+ String publicKey = Utils.base64encode(keyInfo.getPublicKey());
+ log(publicKey);
 }
 }
diff --git a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
index ecf3b0398..56c6f4c6e 100644
--- a/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
+++ b/base/kra/src/org/dogtagpki/server/kra/rest/KeyService.java
@@ -19,7 +19,6 @@ package org.dogtagpki.server.kra.rest;
-import java.io.IOException;
 import java.math.BigInteger;
 import java.net.URI;
 import java.util.ArrayList;
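Review bot: In drmtest.py, `base64.encodestring(key_info.public_key)` in `print_key_info` is only correct if the Python client already returns raw bytes for `public_key`; none of the six files in this commit touches the Python client, so if it still hands back the base64 string sent by the server, this line would encode it a second time. The hunk also adds no `import base64`, and the file's import block is outside the hunk, so that needs checking as well. `encodestring` wraps at 76 characters rather than the 64 used before and appends a newline, so `print pub_key` ends with an extra blank line.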
@@ -70,7 +69,6 @@ import com.netscape.certsrv.request.RequestId;
 import com.netscape.certsrv.request.RequestStatus;
 import com.netscape.cms.servlet.base.PKIService;
 import com.netscape.cms.servlet.key.KeyRequestDAO;
-import com.netscape.cmsutil.crypto.CryptoUtil;
 import com.netscape.cmsutil.ldap.LDAPUtil;
 import com.netscape.cmsutil.util.Utils;
@@ -440,12 +438,8 @@ public class KeyService extends PKIService implements KeyResource {
 ret.setAlgorithm(rec.getAlgorithm());
 ret.setSize(rec.getKeySize());
 ret.setOwnerName(rec.getOwnerName());
- if(rec.getPublicKeyData() != null && getPublicKey){
- try {
- ret.setPublicKey(CryptoUtil.base64Encode(rec.getPublicKeyData()));
- } catch (IOException e) {
- throw new EBaseException(e.getMessage());
- }
+ if (rec.getPublicKeyData() != null && getPublicKey) {
+ ret.setPublicKey(rec.getPublicKeyData());
 }
 Path keyPath = KeyResource.class.getAnnotation(Path.class); |
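Review bot: In the last KeyService.java hunk the public key is no longer encoded here with `CryptoUtil.base64Encode` but inside `KeyInfo.setPublicKey` with `Utils.base64encode`, so the string that ends up in the `publicKey` element of the REST response may differ in line wrapping or trailing newline from what the server sent before. Whether the two helpers produce identical output is not visible in this diff; if they differ, a client built against the previous KeyInfo that reads the element as a string would see a changed value. A short comment at the call, e.g. `// KeyInfo base64-encodes these bytes for the serialized form`, would make clear that the encoding has moved rather than been dropped. The enclosing method starts and ends outside the hunk.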